You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org> on 2007/12/14 11:53:43 UTC

[jira] Resolved: (RAMPART-122) /sp:EncryptedParts/sp:Header needs qualified attribute names

     [ https://issues.apache.org/jira/browse/RAMPART-122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya resolved RAMPART-122.
------------------------------------------------

    Resolution: Fixed

This is fixed in the trunk in the revision r590597. 

http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedPartsBuilder.java?view=diff&r1=588561&r2=590597&pathrev=590597

> /sp:EncryptedParts/sp:Header needs qualified attribute names
> ------------------------------------------------------------
>
>                 Key: RAMPART-122
>                 URL: https://issues.apache.org/jira/browse/RAMPART-122
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.3
>            Reporter: Kent Tong
>
> The following policy assertion will cause rampart to throw a NullPointerException:
> <sp:EncryptedParts>
> 	<sp:Header Name="Signature" Namespace="http://www.w3.org/2000/09/xmldsig#" />
> </sp:EncryptedParts>
> The offending line is shown below:
> public class EncryptedPartsBuilder implements AssertionBuilder {
>     ...
>     private void processElement(OMElement element, SignedEncryptedParts parent) {
>         
>         QName name = element.getQName();
>         
>         if (HEADER.equals(name)) {
>             Header header = new Header();
>             
>             OMAttribute nameAttribute = element.getAttribute(NAME);
>             if( nameAttribute != null ) {
>                 header.setName(nameAttribute.getAttributeValue());
>             }
>             
>             OMAttribute namespaceAttribute = element.getAttribute(NAMESPACE);
>             header.setNamespace(namespaceAttribute.getAttributeValue());      <======  THIS LINE FAILS
>             
>         } else if (BODY.equals(name)) {
>             parent.setBody(true);            
>         }        
>     }
> }
> It works if the policy assertion is changed to quality the attribute names:
> <sp:EncryptedParts>
> 	<sp:Header sp:Name="Signature" sp:Namespace="http://www.w3.org/2000/09/xmldsig#" />
> </sp:EncryptedParts>
> However, this is against the WS-SecurityPolicy spec at http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826515

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.